Share This Story!

Baby steps toward more security online for users

The Internet is getting a little, though not a lot, more secure. Yahoo announced at the Black Hat computer security conference here Thursday that it will roll out encryption capabilities for Yahoo mail.

Post to Facebook

{#
#}

CancelSend

Sent!

A link has been sent to your friend's email address.

Posted!

A link has been posted to your Facebook feed.

Join the Nation's Conversation

Baby steps toward more security online for users

Google says it's starting to use HTTPS encryption as a ranking signal as part of its effort to make the Internet safer. Google said for now, it's a lightweight signal, affecting fewer than 1% of global queries.
Newslook

LAS VEGAS – The Internet is getting a little, though not a lot, more secure.

Yahoo announced at the Black Hat computer security conference here Thursday that it will roll out encryption capabilities for Yahoo Mail users next year.

And Google announced it is adding a new wrinkle to how it ranks websites: It's adding how secure they are as one of the criteria.

Some are calling this part of "the Snowden effect" as U.S. Internet companies scramble to protect their traffic from the prying eyes of government. The depth of that prying was revealed when Edward Snowden leaked National Security Agency documents last year.

The Yahoo announcement came in a talk at Black Hat by the company's chief information security officer, Alex Stamos.

Yahoo's users will be able to use an email encoding program that sends email through a kind of digital tunnel that hides messages that go through it. To anyone looking from the outside ,the message will just be gobbledy-gook.

Google's Gmail made the same type of encryption available to its users in June. Yahoo said it is working with Google to make the two systems compatible.

Google will begin rank sites that use encrypted connections higher than those that don't.

Users can tell the difference by looking at a website's address. HTTP, hypertext transfer protocol, is the original. The more secure version of the protocol is marked by an S to the address, making it HTTPS – hypertext transport protocol secure.

So an address that beings with https:// would get a slightly higher ranking on Google than one that just began with http://.

"For now it's only a very lightweight signal—affecting fewer than 1% of global queries," Google said on its blog, but that will change with time, to offer an incentive for websites to switch.

Encryption is essential for cybersecurity, says Stephen Cobb, a researcher with the security company ESET in San Diego, Calif.

"This ability to encrypt data to high standards, making it inaccessible to everyone except holders of the decryption key, has been around for a long time," Cobb wrote in his blog. The failure to use encryption is "increasingly egregious," especially for companies that should know better.

But protection for users could be much better, said Marc Rotenberg with the Electronic Privacy Information Center in Washington D.C. The encryption Google is using is good for communications in transit, but not stored data, he said.

"They only encrypt Gmail to and from the servers, so that they can open message traffic for advertising revenue. That is like the postman waiting till all the mail is at the post office before opening the mail."